Issue 853928 link

Starred by 1 user

Issue metadata

Status:	WontFix
Owner:	----
Closed:	Dec 12
Cc:	wfh@chromium.org palmer@chromium.org
Components:	Security
EstimatedDays:	----
NextAction:	----
OS:	Windows
Pri:	3
Type:	Bug

Consider squatting DLL load addresses for independent ASLR on the browser process.

Project Member Reported by rickyz@chromium.org, Jun 18 2018

Issue description

Investigate whether it is possible to get independent ASLR between browsers/renderers on Windows by squatting on Window's boot-time-determined preferred load addresses for DLLs.

Per chat discussion, not 100% sure whether or not this is possible, but may be worth looking into.

Investigate whether it is possible to get independent ASLR between browsers/renderers on Windows by squatting on Window's per-boot preferred load addresses for DLLs.

Per chat discussion, not 100% sure whether or not this is possible, but may be worth looking into.

Comment 1 by rickyz@chromium.org, Jun 18 2018

Description: Show this description

Comment 2 by palmer@chromium.org, Jun 18 2018

Cc: palmer@chromium.org

Comment 3 by rickyz@chromium.org, Dec 12

Status: WontFix (was: Available)

Additional info from a chat discussion:

Unfortunately, it is likely impossible to do this for ntdll.dll, which likely contains enough ROP gadgets to make this not worthwhile.

►

Issue 853928 link

Issue metadata

Consider squatting DLL load addresses for independent ASLR on the browser process.

Issue description

Comment 1 by rickyz@chromium.org, Jun 18 2018

Comment 1 Deleted

Comment 2 by palmer@chromium.org, Jun 18 2018

Comment 2 Deleted

Comment 3 by rickyz@chromium.org, Dec 12

Comment 3 Deleted

Sign in to add a comment